Google Chrome vulnerabilities
3,975 known vulnerabilities affecting google/chrome.
Total CVEs
3,975
CISA KEV
74
actively exploited
Public exploits
63
Exploited in wild
65
Severity breakdown
CRITICAL297HIGH2024MEDIUM1626LOW17UNKNOWN11
Vulnerabilities
Page 69 of 199
CVE-2021-38018MEDIUMCVSS 6.5fixed in 96.0.4664.45≥ unspecified, < 96.0.4664.452021-12-23
CVE-2021-38018 [MEDIUM] CVE-2021-38018: Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote a
Inappropriate implementation in navigation in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
nvd
CVE-2021-38010MEDIUMCVSS 6.5fixed in 96.0.4664.45≥ unspecified, < 96.0.4664.452021-12-23
CVE-2021-38010 [MEDIUM] CVE-2021-38010: Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a rem
Inappropriate implementation in service workers in Google Chrome prior to 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page.
nvd
CVE-2021-4059MEDIUMCVSS 6.5fixed in 96.0.4664.93≥ unspecified, < 96.0.4664.932021-12-23
CVE-2021-4059 [MEDIUM] CWE-20 CVE-2021-4059: Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attac
Insufficient data validation in loader in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-38009MEDIUMCVSS 6.5fixed in 96.0.4664.45≥ unspecified, < 96.0.4664.452021-12-23
CVE-2021-38009 [MEDIUM] CWE-203 CVE-2021-38009: Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attack
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-38002CRITICALCVSS 9.6fixed in 95.0.4638.69≥ unspecified, < 95.0.4638.692021-11-23
CVE-2021-38002 [CRITICAL] CWE-416 CVE-2021-38002: Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to
Use after free in Web Transport in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-38001HIGHCVSS 8.8fixed in 95.0.4638.69≥ unspecified, < 95.0.4638.692021-11-23
CVE-2021-38001 [HIGH] CWE-843 CVE-2021-38001: Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially
Type confusion in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37997HIGHCVSS 8.8fixed in 95.0.4638.69≥ unspecified, < 95.0.4638.692021-11-23
CVE-2021-37997 [HIGH] CWE-416 CVE-2021-37997: Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convi
Use after free in Sign-In in Google Chrome prior to 95.0.4638.69 allowed a remote attacker who convinced a user to sign into Chrome to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38003HIGHCVSS 8.8KEVfixed in 95.0.4638.69≥ unspecified, < 95.0.4638.692021-11-23
CVE-2021-38003 [HIGH] CWE-755 CVE-2021-38003: Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker
Inappropriate implementation in V8 in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37998HIGHCVSS 8.8fixed in 95.0.4638.69≥ unspecified, < 95.0.4638.692021-11-23
CVE-2021-37998 [HIGH] CWE-416 CVE-2021-37998: Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacke
Use after free in Garbage Collection in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-38000MEDIUMCVSS 6.1KEVfixed in 95.0.4638.69≥ unspecified, < 95.0.4638.692021-11-23
CVE-2021-38000 [MEDIUM] CWE-601 CVE-2021-38000: Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0.4638.69 allowed a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page.
nvd
CVE-2021-38004MEDIUMCVSS 4.3fixed in 95.0.4638.69≥ unspecified, < 95.0.4638.692021-11-23
CVE-2021-38004 [MEDIUM] CWE-668 CVE-2021-38004: Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote
Insufficient policy enforcement in Autofill in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
nvd
CVE-2021-37999MEDIUMCVSS 6.1fixed in 95.0.4638.69≥ unspecified, < 95.0.4638.692021-11-23
CVE-2021-37999 [MEDIUM] CWE-79 CVE-2021-37999: Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
nvd
CVE-2020-6492CRITICALCVSS 9.6fixed in 83.0.4103.97≥ unspecified, < 83.0.4103.972021-11-02
CVE-2020-6492 [CRITICAL] CWE-416 CVE-2020-6492: Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentia
Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-37981CRITICALCVSS 9.6fixed in 95.0.4638.54≥ unspecified, < 95.0.4638.542021-11-02
CVE-2021-37981 [CRITICAL] CWE-787 CVE-2021-37981: Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who ha
Heap buffer overflow in Skia in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
nvd
CVE-2021-37980HIGHCVSS 7.4fixed in 94.0.4606.81≥ unspecified, < 94.0.4606.812021-11-02
CVE-2021-37980 [HIGH] CVE-2021-37980: Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote atta
Inappropriate implementation in Sandbox in Google Chrome prior to 94.0.4606.81 allowed a remote attacker to potentially bypass site isolation via Windows.
nvd
CVE-2021-37988HIGHCVSS 8.8fixed in 95.0.4638.54≥ unspecified, < 95.0.4638.542021-11-02
CVE-2021-37988 [HIGH] CWE-416 CVE-2021-37988: Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who conv
Use after free in Profiles in Google Chrome prior to 95.0.4638.54 allowed a remote attacker who convinced a user to engage in specific gestures to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37991HIGHCVSS 7.5fixed in 95.0.4638.54≥ unspecified, < 95.0.4638.542021-11-02
CVE-2021-37991 [HIGH] CWE-362 CVE-2021-37991: Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit h
Race in V8 in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37984HIGHCVSS 8.8fixed in 95.0.4638.54≥ unspecified, < 95.0.4638.542021-11-02
CVE-2021-37984 [HIGH] CWE-787 CVE-2021-37984: Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to p
Heap buffer overflow in PDFium in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2018-6122HIGHCVSS 8.8fixed in 66.0.3359.139≥ unspecified, < 66.0.3359.1392021-11-02
CVE-2018-6122 [HIGH] CWE-843 CVE-2018-6122: Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to p
Type confusion in WebAssembly in Google Chrome prior to 66.0.3359.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd
CVE-2021-37987HIGHCVSS 8.8fixed in 95.0.4638.54≥ unspecified, < 95.0.4638.542021-11-02
CVE-2021-37987 [HIGH] CWE-416 CVE-2021-37987: Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to p
Use after free in Network APIs in Google Chrome prior to 95.0.4638.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
nvd